Mail certificate expired?

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mail.prospectid.com

I ran this command:NA

It produced this output: NA

My web server is (include version): nginx

The operating system my web server runs on is (include version):CentOS Linux release 8.5.2111
My hosting provider, if applicable, is: linode

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):none

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.20.0

Hi, it's me again. Sorry, but got excellent advice last time, but have a different issue this time. I am running a mail server with iRedMail installed and I'm trying to add it as an external smtp for a client on his zoho account. I received an error and their support says "could not add the external IMAP account as the connection certificate was invalid"

They then gave me the following url to check:
https://www.sslshopper.com/ssl-checker.html#hostname=mail.prospectid.com:993

when I check the server name it gives me a valid result:
https://www.sslshopper.com/ssl-checker.html#hostname=mail.prospectid.com

Why would the one say the certificate has expired?

2

Could be numerous things, e.g.:

  • Your IMAP service wasn't reloaded after the renewal;
  • Your IMAP service is configured to use the incorrect certificate.

Funny thing is, your SMTP service is actually using the correct certificate. But your POP3 service isn't. So probably Dovecot requires a reload or correct configuration of its certificate.

2 Likes
3

would this be a good place to start?

4

No. Or: partly. Because:

  • That post mostly is about installing the certificate in the first place, which you already have done, otherwise you wouldn't also be serving the previously, now-expired certificate;
  • However, it does show the correct location of the files, so you can use it to doublecheck your own configuration;
  • But it uses dovecot restart which in theory leads to a little bit of downtime. However, the dovecot program has the reload command, which will just do that: reload the configuration. Without downtime. Which is obviously better than restarting the entire thing with downtime.
3 Likes
5

Thanks @Osiris, reload command seems to have fixed it. The iRedmail install generated a lot of weird configs which I'm working through

2 Likes
6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.